Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Allocating liability for data breaches in technology contracts is a growing concern for Canadian businesses. Blakes recently launched the first edition of the Canadian Data Liability Study, which identifies and analyzes...more
On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like...more
The past year has introduced some uncertainty for institutional defendants facing privacy breach class actions in Canada. While Ontario’s Court of Appeal has been consistent in its approach to class actions against “database...more
An English Court has recently decided that three insurance policies covering the same loss – data breach settlements arising from an incorrectly addressed email – provided a combined, cumulative limit of indemnity. While the...more
When we are retained by clients to guide them through a cyber-attack in which information has been stolen by a threat actor, we almost always find that the client has unnecessarily stored sensitive information far beyond the...more
Wire transfer fraud is on the rise, and attorneys are increasingly becoming prime targets for cybercriminals. With billions lost annually to fraudulent transactions, legal professionals who fail to implement robust...more
In a decision on immaterial damages under Article 82 of the EU General Data Protection Regulation (GDPR), the Higher Regional Court of Dresden, Germany (case number 4 U 940/24), set out important monitoring and auditing...more
Recent reports concerning a potential security incident involving Oracle Cloud services provide a warning for many companies who allow third parties to access or store sensitive company data. A threat actor claims to have...more
In Home Depot Inc. v. Steadfast Insurance Co., Home Depot learned the hard way a rule every DIY enthusiast knows: measure twice, cut once. It appears Home Depot’s measurements were off when it sized up its insurance needs,...more
The 2014 Home Depot data breach was one of the more notorious cyberattacks. A decade later, litigation over that incident continues. The Sixth Circuit recently decided whether an electronic data exclusion cleared insurers...more
Our Consumer Protection/FTC and Privacy, Cyber & Data Strategy teams unpack Starwood Hotels’ and Marriott International’s settlements with the Federal Trade Commission and Marriott’s settlement with state attorneys general...more
Managing these risks at a single company should be straightforward. Executives and CISOs may be personally held accountable for cyber failings, negligence, breaches, and inadequate disclosure around cyber vulnerabilities and...more
The Internet of Things (“IoT”) has ushered in a new era of connectivity and convenience, but with it comes a host of legal issues and emerging theories of liability. As IoT devices become increasingly ubiquitous in our daily...more
What is a Management Body? Under both DORA and NIS2, a management body can be a body with managerial and/or supervisory functions. The powers and structure of management bodies vary within the EU Member State, and managerial...more
In today’s digital age, our every action generates a trail of data. From online searches to credit card details, this data is collected by companies to enhance their services. However, the question arises – how long should...more
When negotiating technology or data services contracts, businesses of all sizes and industries are now spending more time and attention on privacy controls. The increasing prevalence of comprehensive U.S. state privacy laws...more
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
On May 17, 2023, the Delaware Supreme Court upheld a September 2022 decision dismissing a shareholder suit against SolarWinds Corporation. In 2021, shareholders sued SolarWinds (“the Company”) for a 2020 cybersecurity...more
On January 9, 2023, the Federal Trade Commission (“FTC”) finalized an order with Drizly, LLC, an online marketplace for alcohol delivery services, and its Chief Executive Officer (“CEO”), James Cory Rellas over alleged...more
In a trilogy of rulings released on November 25, 2022, the Ontario Court of Appeal (“Court”) has ruled that the tort of intrusion upon seclusion cannot extend to companies that collect and store personal information and fall...more
The Ontario Court of Appeal recently ruled that an organization that fails to take adequate steps to safeguard personal information in its possession cannot be held liable under the tort of intrusion upon seclusion when that...more
On Monday the Federal Trade Commission issued a press release stating it is settling a case against Drizly and its CEO for a data breach that exposed the information of 2.5 million consumers in July 2020. The proposed...more
Takeaway: To ensure investor safety and emphasize a commitment to user privacy, corporate executives and similarly-situated high ranking officers must not provide any statements or omissions that affirmatively create a...more
Last week the Federal Trade Commission announced a privacy and data security enforcement action against the online retail platform CafePress. The allegations in the FTC’s complaint read like a list of worst practices,...more
Data breach lawsuits are challenging cases for plaintiffs. Assuming they are able to survive a motion to dismiss on grounds of Article III standing in the first instance, plaintiffs next bear the high burden of achieving...more